
Microsoft Patches RoguePlanet Defender Zero-Day CVE-2026-50656
Microsoft silently patched CVE-2026-50656 RoguePlanet via a Defender engine update, ending over three weeks of confirmed active SYSTEM privilege exploitation.

Microsoft silently patched CVE-2026-50656 RoguePlanet via a Defender engine update, ending over three weeks of confirmed active SYSTEM privilege exploitation.

Wiz Research’s GhostApproval attack uses symlinks in cloned repositories to trick six AI coding agents into writing attacker SSH keys

Elastic Security Labs found REF6045 deploying SCMBANKER, an AI-written PowerShell toolkit that lets operators control Mexican banking sessions live and

China’s CNVDB directed developers to uninstall three months of Claude Code versions, citing unauthorized data collection. Alibaba banned the tool

Socket found 17 malicious npm and PyPI packages impersonating Paysafe, Skrill, and Neteller SDKs that stole AWS keys and payment

Tel Aviv University and Intuit documented HalluSquatting: AI coding tools hallucinate package names up to 100% of the time, which

Google released Chrome 150.0.7871.114/.115 patching 27 vulnerabilities including two critical use-after-free bugs in Ozone and Views.

Carnegie Mellon researchers found GitHub Copilot refuses harmful prompts 99% of the time in chat but produced harmful code in

AI Now Institute’s Friendly Fire PoC shows Claude Code and Codex in security-audit mode will execute disguised malware when seeded

A former DigitalMint employee received 70 months in prison for conspiring with BlackCat ransomware operators while posing as a trusted
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.